When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.

Report: How thousands of companies monitor, analyze, and influence the lives of billions. Who are the main players in today’s digital tracking? What can they infer from our purchases, phone calls, web searches, and Facebook likes? How do online platforms, tech companies, and data brokers collect, trade, and make use of personal data?

“Due to Thanksgiving and other deadlines, our lawyers were not available to advise us on what we can and cannot say,” the collective member told me. “So in the interest of adopting a precautionary principle, we couldn’t say anything. Now that we have talked to [counsel], we can clearly say that since our beginning, and as of this writing, riseup has not received a NSL, a FISA order/directive, or any other national security order/directive, foreign or domestic.”

Signal's new anti-censorship feature uses a trick called "domain fronting," Marlinspike explains. A country like Egypt, with only a few small internet service providers tightly controlled by the government, can block any direct request to a service on its blacklist. But clever services can circumvent that censorship by hiding their traffic inside of encrypted connections to a major internet service, like the content delivery networks (CDNs) that host content closer to users to speed up their online experience -- or in Signal's case, Google's App Engine platform, designed to host apps on Google's servers.

Before Edward Snowden told us so much about NSA surveillance, before Mark Klein told us a little, even before 9/11, Duncan Campbell broke the story of ECHELON. This is his story of that story. It's a fascinating read.

(Yes, it turns out that NSA mass surveillance didn't start after 9/11.)

The tracking technology takes advantage of the lax security of SS7, a global network that cellular carriers use to communicate with one another when directing calls, texts and Internet data.

The system was built decades ago, when only a few large carriers controlled the bulk of global phone traffic. Now thousands of companies use SS7 to provide services to billions of phones and other mobile devices, security experts say. All of these companies have access to the network and can send queries to other companies on the SS7 system, making the entire network more vulnerable to exploitation. Any one of these companies could share its access with others, including makers of surveillance systems.

I met with foreign journalists on the first day and local journalists the day after. Around 30 people attended in total, and each training session lasted just over two hours. My presentation covered threats, how you can protect your communication, local data, and external data, as well as how to use the Tor Browser Bundle and Tails. I gave out USB sticks with the Tor Browser Bundle, the short user manual, and the CPJ Journalist Security Guide. PC users were also given USB sticks with Tails.

This is a plot of the NSA programs revealed in the past year according to whether they are bulk or targeted, and whether the targets of surveillance are foreign or domestic. Most of the programs fall squarely into the agency’s stated mission of foreign surveillance, but some – particularly those that are both domestic and broad-sweeping – are more controversial.

Just as with the New York Magazine approval matrix that served as our inspiration, the placement of each program is based on judgments and is approximate.

Qubes uses virtual machines to let you manage separate “security domains”. A virtual machine (VM) is basically a tiny operating system running inside of your real operating system. If your VM gets hacked, the attacker is able to access the files and read keystrokes in that VM, but not in other VMs or on your host computer. In Qubes all software (besides the desktop environment) is running inside of VMs, and you can easily and efficiently make as many as you need for whatever purposes you need. It’s also designed in such a way that if one VM gets infected with malware, the malware won’t be there the next time you reboot that VM.

the ability of the government to go back to taps collected years earlier to look for material with which to influence potential witnesses in the present

So people who have “nothing to hide” should ask themselves if that is equally true of their spouses or children, or neighbors, who could possibly be turned into informants by threat of their private lives being revealed.

Use secure communications tools (here some useful tips by security expert Bruce Schneier). Your communications are still significantly more protected if you are using encrypted communications tools such as messaging over OTR or browsing the web using HTTPS Everywhere than if you are sending your communications in the clear.

A federal judge has ruled to allow Chevron, through a subpoena to Microsoft, to collect the IP usage records and identity information for email accounts owned by over 100 environmental activists, journalists and attorneys.

the subpoena demands the personal information about each account holder as well as the IP addresses associated with every login to each account over a nine-year period. "This could allow Chevron to determine the countries, states, cities or even buildings where the account-holders were checking their email," they write, "so as to 'infer the movements of the users over the relevant period and might permit Chevron to makes inferences about some of the user’s professional and personal relationships.'"

This post explained where these companies get their data, what information they share with Facebook, or what this means for your privacy.
who has your information, how they get it, and what they do with it. It’s a lot of information, so we’ve organized it into an FAQ for convenience.

BrowserLeaks.com — It's all about Web Browser Fingerprinting. Here you will find the gallery of web browser security testing tools, that tell you what exactly personal identity data may be leaked without any permissions when you surf the Internet.

All features are separated into sections according to the used technology:

Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.

Welcome to an Internet without privacy, and we've ended up here with hardly a fight.

The initial version of the "Providers' Commitment to Privacy" (PCP) policy was drawn up by an international group of participants. Discussion was English-language based and took place over approximately 3 years using face-to-face and (encrypted) virtual communication. The resulting, consensus-based document is available on this website.